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[57] 



ABSTRACT 



An agent is permanently resident in a server as software for 
the purpose of cryptographic processing. In addition, 
another agent that is described in mobile code and contains 
a program for the purpose of cryptographic processing is 
also stored in the server. When data that are to be sent and 
received between the server and a client are encrypted, the 
agent that is described in mobile code is sent from the server 
to the client. When the client receives data that were 
encrypted in the server, it reproduces those data by decryp- 
tion using the received agent. 
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1 

ENCRYPTION COMMUNICATION SYSTEM 
USING AN AGENT AND A STORAGE 
MEDIUM FOR STORING THAT AGENT 

BACKGROUND OF THE INVENTION 

1. Field of the Invention 

This invention is related to an encryption communication 
method to prevent the theft and interception of, and tam- 
pering with, information in communication between com- 
puters; in particular, it relates to a method of encryption 
using an agent. 

2. Description of the Related Art 

In recent years, with the explosive spread of the Internet 
and intranets, the importance of information security has 
been steadily increasing. Known methods of security in 
information communication include the method of encryp- 
tion of information using encryption keys that are possessed 
in common by terminals, such as the DES (Data Encryption 
Standard), and a method of encryption such as RSAin which 
terminals exchange public keys and information is encrypted 
using their private keys. In addition, to increase the safety of 
encryption, there are known methods such as changing the 
encryption key and encryption method over time, as 
described, for example, in Tokkaihei (Japanese Patent 
Disclosure) 1-212041. 

In a conventional ordinary encryption communication 
system, the encryption method is public information. For 
this reason, in order to obtain a strong cryptosystcm, the key 
used in encryption must have a large number of bits. 
However, when the key used in encryption has a large 
number of bits, the time required for encryption and decryp- 
tion processing inevitably becomes long. In particular, when 
encryption is done in real time applications (such as voice 
and images) the slowness of the processing in conventional 
methods such as DES and RSA is a problem. 

When encryption is done by a method that involves 
changing the combination of the encryption key and the 
encryption method over time, it is necessary to preregister 
the encryption key and preinslall the encryption program in 
the terminals that will be used for such encryption commu- 
nication. Consequently, every time new terminal facilities 
are added in a network it is necessary to register the 
encryption key and install the encryption program in those 
terminals. 

SUMMARY OF THE INVENTION 
A purpose of this invention is to provide a strong encryp- 
tion method that has adequate processing speed so that in 
practice there is no problem in real time transfer of data. 

Another purpose of this invention is to make it possible to 
conduct encrypted communication between terminals with- 
out having to preinslall the same encryption program in 
them. 

An encryption communication method of the present 
invention is based on the system in which encrypted data arc 
transmitted between a first terminal and a second terminal. 
The method includes the following steps. 

A step for transmitting, from the first terminal in which a 
first agent is installed, the first agent including a program for 
cryptographic processing, a second agent having substan- 
tially the same function as the first agent to the second 
terminal. 

A step for performing an encryption communication 
between the first agent and the second agent. 

Another feature of Ihc present invention is based on the 
system in which encrypted data are transmitted among a 
plurality of terminals. The method includes the following 
steps. 
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A step for distributing agents including a program for 
cryptographic processing from an agent distributing server 
to the plurality of terminals; and 

A step for performing an encryption communication 
5 between the distributed agents. 

BRIEF DESCRIPTIONS OF THE DRAWINGS 

FIG. 1 is a diagram explaining an outline of this invention. 
10 FIG. 2 is a configuration diagram of the server and the 
client. 

FIGS 3A and 3B are configuration diagrams of a trusted 
agent described in mobile code. 

FIGS. 4A and 4B are sequence diagrams explaining the 
15 processing involved in sending a trusted agent and estab- 
lishing an encrypted communication path. 

FIG. 5 is a configuration diagram of the encrypted com- 
munication system of one embodiment of this invention. 
FIG. 6 is a configuration diagram of the encrypted com- 
20 munication system of another embodiment of this invention. 
FIGS. 7A and 7B are diagrams showing one example of 
the configuration of a cryptographic processing unit. 
FIG. 8 is a diagram showing the hardware circuit of an 
25 embodiment of a pseudo random number generator. 

FIG. 9 is a diagram showing the configuration of a 3-stage 
pseudo random number generator that generates the M 
series. 

FIGS. 10A to IOC are figures showing an example of a 
30 pseudo random number generation method. 

FIG. 11 is a flow chart explaining the action of the 
encryption method selection control unit. 

FIG. 12A is a sequence diagram showing the processing 
on the sending side when data are sent and received between 
3S applications. 

FIG. 12B is a configuration diagram of a data packet that 
transmits cipher text. 

FIG. 13 is a sequence diagram showing the processing on 
the receiving side when data are sent and received between 
applications. 

FIGS. 14A and 14B are diagrams explaining a method of 
establishing cryptographic synchronization. 

FIG. 15 is a diagram showing an example of configuration 
45 of an encrypted communication system that changes the 
seed for the purpose of generating pseudo random numbers. 

FIG. 16 is a configuration diagram of an encrypted 
communication system of another embodiment of this 
invention. 

50 FIG. 17 is a configuration diagram of an encrypted 
communication system of still another embodiment of this 
invention. 

FIG. 18 is a flow chart explaining the action of the seed 
generating section. 
55 FIG. 19 is a configuration diagram for the case in which 
the encrypted communication system of this embodiment is 
matched to the WWW. 
FIG. 20 is a configuration diagram for the case in which 
60 the encrypted communication of this invention is applied to 
an image transmission/voice transmission system. 

FIG. 21 is a configuration diagram of the case in which the 
encrypted communication of this invention is applied to an 
electronic conference system. 
65 FIGS. 22A and 22B are diagrams explaining the process- 
ing for changing the communication object of an application 
program when a trusted agent is used. 
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FIGS. 23 through 29 are figures showing an example of a unit that controls the sending of data to and receiving of 

an agent program used to transmit encrypted images data from a network. 

described in mobile code. The CPU 505 loads programs from the storage device 501 

or the portable storage medium 503 into the memory 506 

DETAILED DESCRIPTION OF THE s and executes them. Note that programs and data stored in the 

INVENTION storage medium 501 may have been written in from the 

In the encrypted communication system of one embodi- P orta u blc stor »S 6 mcdium 503 / or may bc rcccivcd ( !° m 

ment of this invention, first, an agent for the purpose of *? other mach ' ne on a n f wo * ™ * "" mU ?S? «k 

!.'„,?. j » , » * The configuration may also be such that the CPU 505 can 

encryption processing is installed in the sending terminal ^ ^ and dat / stored in anolher st device on a 

Before transferring data, the sending terminal sends an agent 10 a communication line . 

having the same function as the mstallcd agent to the ^ tmsled and ^ ^ ^ ^ c 

receiving terminal The agent that is sent to the receiving device m ^ | e ^ 1Q ^ ^ u ^ f 4 

terminal is described in mobile code. When data are may be installed from the portable storage medium 503 into 

transferred, the data are encrypted using that agent m the me storage 501, 0 r may be installed from another 

sending terminal, and decrypted in the receiving terminal is dcvice on a nctwor k into the storage device 501. The trusted 

using the agent that was sent from the sending terminal. agent 14 js loaded into the memory 506 when an encrypted 

Thus, in this configuration, it is possible to conduct communication is started, 

encrypted communication even with a terminal that docs not In the client 15, the trusted agent 17 is received via the 

have a program for encryption processing. At this time, the communication control section 504 and loaded into the 

encryption and decryption processing are executed by the 20 memory 506. 

agent, so it is not necessary for the user to be concerned with The action of the cryptosystem shown in FIG. 1 is as 

the encryption method used for that encrypted communica- follows. First, before the data communication, the trusted 

tion. Moreover, the encryption and decryption processing agent sending unit 12 is started up and the trusted agent 11 

are performed by agents having the same functions in both js scat from the server 10 to the client 15. At this time, the 

the sending terminal and the receiving terminal, so that the 25 trusted agent 11 is encrypted by a method such as RSA or 

cipher text can be reliably decrypted in the receiving termi- RSA+DES and transferred. 

nal. The encryption method can, if desired, be confidential. processing speeds of RSA, DES, etc. are slow, so they 

The security of the encryption can be increased by changing are not ^ best encryp tion methods to use for encrypting 

the key needed for encryption synchronously in accordance data tnat requ i re rea i t i me processing such as audio data and 

with rules agreed upon in advance between the agents. 3 v j deo data> ^ wnen encrypting a trusted agent, the encryp- 

Therefore, an encryption method with a small overhead can t j on processing and the decryption processing each only 

be selected to reduce processing time. have t0 be done once> and me amoiml 0 f data is much less 

Embodiments of this invention will be described below than in the cases of audio data and video data, so that even 

with reference to the drawings. FIG. 1 is a diagram that in the cases of RSA and DES the processing speed does not 

explains an outline of this invention. This diagram shows an become a problem. 

example in which information is transferred in encrypted Next, me t^ted agent 14 of the server 10 and the trusted 

form between a server 10 and a client 15. The server 10 and agent 17 0 f ^ e c n enl 15 establish the encrypted communi- 

the client 15 are both computers. cat i on pam ig The processing by which the trusted agent 11 

The trusted agent 11 has a program for the purpose of 4Q is transferred from the server 10 to the client 15, and the 

encrypting data, and is described in mobile code. The trusted processing by which the encrypted communication path 18 

agent sending unit 12 sends the trusted agent 11 to the client between the trusted agent 14 and the trusted agent 17 is 

15. The application program 13 performs processing that established, will be explained later, 

accompanies sending data to and receiving data from the The trusted agents 14 and 17 are linked to the application 

client 15. Applications which are envisioned in this embodi- 45 programs 13 and 16, respectively; they encrypt data so that 

ment include telephone, television conferences, video t h e data cannot bc stolen or tampered with, then send and 

transmission, etc., all of which require real-time processing, receive the data to/from each other. The encryption between 

but the possible applications are not limited to these. The t he trusted agent 14 and the trusted agent 17 follows the 

trusted agent 14 is an encrypted program that has the same method described in the programs included in the trusted 

function as the trusted agent 11; it resides permanently in the $Q agcn ts 14 and 17. The trusted agents 14 and 17 can syn- 

server 10. chronously change the key (a confidential key) necessary for 

The application program 16 is basically the same as the encryption in accordance with a predetermined rule. This 

application 13. The trusted agent 17 is the trusted agent 11 increases the strength of the encryption, 

that was transferred from the server 10. The encrypted FIG. 3 is a configuration diagram of the trusted agent U 

communication path 18 is a path established between the 55 described in mobile code. As shown in FIG. 3A, the trusted 

trusted agent 14 and the trusted agent 17. agent 11 consists of an application interface section 11-1 and 

FIG. 2 is a configuration diagram of the server 10 and the a cryptographic processing section 11-2. The application 

client 15. The storage device 501 consists of a semiconduc- interface section 11-1 has the role of exchanging signals 

tor memory, a magnetic recording medium or an optical between an ordinary application program (here, application 

recording medium and so on, and stores programs, data, etc. 60 16) and the cryptographic processing section U-2; the 

The storage device 501 can be permanently installed in the cryptographic processing section 11-2 encrypts and decrypts 

server 10 or the client 15, or it can be removable. signals to/from the application interface section 11-1. 

The storage medium driver 502 is a device that reads out Another function that the application interface section 11-1 

data stored in the portable storage medium 503 (including a has is to absorb differences due to different operating sys- 

semiconductor memory, magnetic disc, optical disc, 65 terns when the API depends on the operating system, 

magneto-optical disc, etc.), or writes data into the portable In FIG. 3B, the trusted agent 11 has an application 

storage medium 503. The communication control unit 504 is program section 11-3. In this case, the application program 
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stored in the trusted agent 11 is described in mobile code, FIG. 5 is a configuration diagram of the encrypted com- 

and the application program section U-3 is transmitted munication system of one embodiment of this invention. The 

together with the application interface section 11-1 and the workstations 20 and 30 correspond to the server 10 and the 

cryptographic processing section 11-2. client 15, respectively, in FIG. 1. The application programs 

FIG. 4A is a sequence diagram that explains the process- s 21 and 31 correspond to the application programs 13 and 16, 

ing by which a trusted agent is sent and an encrypted respectively, in FIG. 1. The trusted agents 22 and 32 

communication path is established. Here it is assumed that correspond to the trusted agents 14 and 17 in FIG. 1, 

the server 10 is the terminal that sends the trusted agent, and respectively. The workstation 20 and the workstation 30 are 

the client IS is the terminal that receives the trusted agent. connected to each other via the Internet 19. 
It is further assumed mat the encryption method uses pseudo 1Q tmsted 22 faas ^ t hic processing 

random numbers. As will be explained in detail la er the * cryptographic processing units 26 

pseudo random numbers arc generated based on an "initial a „ t lt . 6 4 Y .. V A e Jr „ 

^^f. to 29 encrypts data by a different method from the others. 

, , . • , . . x . The encryption method selection unit 24 selects one of the 

When encrypted communication is started, nrst an initial Jr , n . . ... 
seed is generated in the server 10. The initial seed is, for ^ cryptographs processing units 26 to 29 in accordance with 
example! generated based on the time. Next, that initial seed 15 an iDstruction from the encryption method selection control 
is set in the trusted agents 11 and 14. Then the trusted agent unit 25 > aild transfers data received via the application 
11 in which the initial seed has been set is sent to the client interface 23 t0 ^ selected cryptographic processing 
15. As discussed above, the trusted agent 11 is transferred ™it. The encryption method selection control unit 25 gen- 
after having been encrypted by the RSA or DES method. erates and oul P ute an instruction signal for the purpose of 
Then the server 10 starts the trusted agent 14. 20 selecting one from among the cryptographic processing 

It is assumed that in the client 15, a program to receive the ™ il f 26 '° ^accordance with a specified algorithm. The 

agent has been started up. When the client 15 receives the racth ° d b ? whlch inst ™ ctl ° Q ^ » 8e ™^£ , 

tested agent 11, that trussed agent 11 is loaded into memory described below. The application interface section 23 is 

and started up as the trusted agent 17. „ b «acally the same as the application interface section 11-1 

_ j , . . , „ . ... . . . 25 shown in FIG. 3A and FIG. 3B. 

The trusted agents 14 and 17 establish a encrypted com- 
munication path! after that, cipher text is sent and received The trusted agent 32 has been transferred from the work- 

via that encrypted communication path. station 20 The apphcation interface unit 33, the encrypUon 

FIG. 4B is a diagram that explains the procedure by which niethod selection unit 34 ^"^^^o^ 

. & ... „ t t A ( •„ units 35 to 38 are basically the same, respectively, as the 

an encrypted communjcauon path between trusted agents is 30 . rflce unjl 23 ^ 10n method ^ 

estabhshed. Here it is assumed ^^^^^ tioo unit 24 and the cryptographic processing units 26 to 29 

already been started up. The cryptograph c P^mg sec- ^ ^ { ™J ^ ^ ^ ^ 32 

tions of the trusted agents 14 and 17 each consist of a corresponding to the encrypt™ method 

sending section and a reaving sect.on. The sending sectton ^ unk 25 P lhe J {ion selection 

encrypts data from an application program » perfonnj 35 unit 34 selects one of the cryptographic processing units 35 
send processing; tne receiving section converts encryp lE a 3g accordaQce ^ 

an instruction signal generated by 
data to plain text or appropriate application data and per- me]hod unU 1$ 

forms processing to transfer the data to an application }V ... 

program. The sending section and the receiving section are . The action of the : encrypted communication system shown 

realized by, for example, threads. 40 " ™5. f * 85 u f ° llow *- F * st > ^ a £ en 32 < h f at 18 

First, the sending section of the trusted agent 14 sends a * code * encrypted and transferred from 

request for connection to the receiving section of the trusted ^ workstation 20 to the workstation 30. 
agent 17. If, for example, the transmission path is an Next, the encryption method that is necessary for the 

ethemet, this connection request is transferred by a TCP encrypted communication is determined in the encryption 

packet. Since, at this time, the connection request will be 45 method selection control unit 25. The encryption method 

refused if the trusted agent 17 has not been started up, in this selection control unit 25 transfers information instructing 

case the sending section of the trusted agent 14 repeatedly which encryption method is to be used to the encryption 

issues the connection request until a response is received method selection unit 24, and to the encryption method 

from the receiving section of the trusted agent 17. selection unit 34 of the workstation 30. This secures the 

When the receiving section of the trusted agent 17 sends 5 0 ™ C W** communication path, 
a response message in response to the connection request When, for example, the encrypUon method selection 

and the receiving section of the trusted agent 14 receives that control unit 25 selects the first encryption method, then, as 

message, a path is established between the sending section shown in FIG. 5, in the workstation 20 data are encrypted 

of the trusted agent 14 and the receiving section of the using the 1st cryptographic processing unit 26, and in the 

trusted agent 17. The procedure for establishing a path 55 workstation 30 the cipher text or encrypted data is decrypted 

between the sending section of the trusted agent 17 and the using the 1st cryptographic processing unit 35. 
receiving section of the trusted agent 14 is similar. Communication data from the application program 21 are 

After that, the sending section of the trusted agent 14 encrypted in the cryptographic processing unit selected by 

encrypts data from the application program 13 and then the encrypUon method selection unit 24 via the application 

sends the encrypted data to the trusted agent 17 via the path 60 interface unit 23. The example shown in FIG. 5 shows the 

that has been established. The receiving section of the case in which the 1st cryptographic processing unit 26 has 

trusted agent 17 decrypts the received cipher text or been selected. 

encrypted data and transfers the resulting plain text or The encrypted data are sent to the workstation 30 via the 
appropriate application data to the application program 16. Internet 19. Data (cipher text or encrypted data) received by 
The procedure for sending encrypted data in the opposite 65 the workstation 30 are decrypted in the cryptographic pro- 
direction is similar. The encrypted data are, for example, cessing unit selected by the encryption method selection unit 
stored in a UDP packet and then transferred. 34 (in this example, the 1st cryptographic processing unit 
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35), and transferred to the application program 31 in the were set in 2 trusted agents as initial conditions. Here, the 

workstation 30 via the application interface unit 33. encryption method selection control units 25 and 39 have the 

Data transmission from the application program 31 in the same functions as one another, so that when the encryption 

workstation 30 to the application program 21 in the work- method selection control units 25 and 39 arc given the same 

station 20 is carried out by a similar encryption procedure. S initial conditions, they will generate the same results. 

The encryption method selection control unit 25 selects Consequently, the encryption method selection control units 

new encryption methods at regular or irregular intervals, and 25 and 39 independently of each other, but output the 

posts the selection results to the encryption method selection samc valucs as sl S nals mdlcatc thc encryption method 

unit 24 of the workstation 20 and the encryption method 10 be used - ^ ls called synchronization in the selection of 

selection unit 34 of the workstation 30. In this kind of 10 thc encryption method. 

configuration, the encryption method changes with time, By means of thc synchronization function, thc same 
making it difficult to decipher the encrypted data. encryption method is always selected in the workstation 20 
In the embodiment described above, the encryption and thc workstation 30, without the sending and receiving of 
method selection control unit 25 is provided in the work- information between them. This secures an encrypted corn- 
station 20, but it is also possible to, for example, install an 15 munication path. 

encryption method instruction server on the network, and to The action by which data arc encrypted and sent and 
have the trusted agents switch their encryption methods received between the application programs 21 and 31 is as 
based on instructions from that encryption method instruc- explained in FIG. 5. That is to say, communication data from 
tion server. lne application program 21 are encrypted in the crypto- 
Also, in the embodiment described above, the crypto- 20 graphic processing unit selected by the encryption method 
graphic processing units are within the trusted agents, but it selection unit 24. The encrypted data are sent to the work- 
is also possible to install a cryptographic processing unit slation 30 via ^ Internet 19 The ^ ( d P her lext or ci P her 
distribution server that distributes programs for the purpose lata) received by the workstation 30 are decrypted in the 
of cryptographic processing described in mobile code on a cryptographic processing unit selected by the encryption 
network, and to have programs for the purpose of crypto- 25 method selection unit 34, and transferred to thc application 
graphic processing distributed from the cryptographic pro- program 31 in the workstation 30. 

cessing unit distribution server to the trusted agents. Thus, the system shown in FIG. 6 is different from the 

FIG. 6 is a configuration diagram of the encrypted com- system shown in FIG. 5 in that thc encryption method 

munication system of another embodiment of this invention. selection control units 25 and 39 are mutually independent 

In FIG. 6, the previous explanations apply without change to and thc encryption methods are sequentially selected. The 

components to which the same symbols that were used in encryption method selection control units 25 and 39 select 

PIG j new encryption methods at regular or irregular intervals,and 

In the system shown in FIG. 6, the encryption method send th ose selection results to the encryption method selec- 

selection control unit 39 is provided in the trusted agent 32. 3S uon nnit 24 and the encryption method selection unit 34, 

The encryption method selection control unit 39 is the same respectively. In this configuration, the encryption method is 

as the encryption method selection control unit 25 within the changing with time, making it hard to decipher the encrypted 

trusted agent 22. Consequently, the trusted agent 32 can data - 

select thc same encryption method by itself as the encryption FIG. 7 shows an example of configuration of a cryplo- 

method selected by the trusted agent 22 without receiving an 40 graphic processing unit. The following discussion assumes 

instruction for the purpose of encryption method selection that pseudo random numbers are being used in the encryp- 

from the trusted agent 22. tion method. 

Now let us explain the action of the encrypted commu- Theoretically, as shown for example in FIG. 7A, the 

nication system shown in FIG. 6. First, the trusted agent 32 cryptographic processing unit consists of an exclusive logi- 

is transferred from the workstation 20 to the workstation 30. 45 cal sum generator 40 and a pseudo random number genera- 

This processing is as explained with reference to FIG. 5. tor 41. The pseudo random number generator 41 may be a 

The encryption method selection control unit 25 in the variable period type. The encrypted data (cipher text) are 
workstation 20 and the encryption method selection control obtained by inputting the data to be encrypted (plain lext) 
unit 39 in the workstation 30 determine their respective and pseudo random numbers generated by the pseudo ran- 
encryption methods independently of one another, and post 50 dom number generator 41 into the exclusive logical sum 
those respective encryption methods that have been deter- generator 40. The configuration is basically the same when 
mined to the encryption method selection unit 24 of the the cipher lext is decrypted into plain text, 
workstation 20 and thc encryption method selection unit 34 FIG. 7B shows another example of a cryptographic pro- 
of the workstation 30, respectively. Here, the encryption cessing unit. In this example, the cryptographic processing 
method selection control units 25 and 39 have synchroni- 55 unit has, in addition to the exclusive logical sum generator 
zation functions in the encryption method selection, so that 40 and the pseudo random number generator 41, a seed 
the same encryption method is selected by the encryption section 42 that generates seeds for the purpose of generating 
method selection control units 25 and 34. pseudo random numbers and a seed changing section 43 that 

Let us now simply explain what is meant by "synchro- outputs instructions to change the seeds that are generated in 

nization functions in thc encryption method selection". The 60 the seed section 42 at irregular intervals, 

encryption method selection control units 25 and 39 respec- In the cryptographic processing unit shown in FIG. 7B, 

tivcly output results obtained in accordance with given the period of the pseudo random numbers can be changed by 

initial conditions. The initial conditions given to the encryp- providing the seed section 42 and the seed changing section 

tion method selection control unit 39 are set in the work- 43, making it hard to decipher ttie encrypted data. The action 

station 20. These initial conditions are the same as those 65 by which plain text is encrypted using the exclusive logical 

given to the encryption method selection control unit 25. In sum generator 40 and the pseudo random number generator 

FIG. 4, which was discussed above, the same initial seeds 41 is the same as in the case shown in FIG. 7A. 
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Now let us explain the method of changing the period of 
the pseudo random numbers. In a case in which the pseudo 
random number generator is realized by a hardware circuit, 
the period of the pseudo random number generator is 
determined by, for example, changing the number of stages 5 
and the wiring in the linear feedback shift register system 
that generates the pseudo random numbers. 

An example of this is shown in FIG. 8. FIG. 8 shows a 
case in which one embodiment of a pseudo random number 
generator is realized by a hardware circuit. In FIG. 8, 44 is io 
a shift register, 45 is a path control section, sO to sl2 and sa 
to si are switches for path connection, xl to xl2 are 
exclusive logical sum circuits and rl to rl3 are bit elements 
of the shift register 44. In the circuit shown in FIG. 8, the 
signal generated by the path control section 45 is used, and is 
the period of the pseudo random numbers is changed by 
controlling the feedback of rl to rl3 in the shift register 44, 
by controlling the connection and disconnection of the paths 
by means of the switches sO to sl2 and the switches sa to si. 

Now, let us consider the realization of a pseudo random 20 
number generator that generates a 3-stage M series. A 
primitive polynomial that generates a 3-stage M series is 
x 3 +x+l; the hardware configuration is as shown in FIG. 9. 
In FIG. 9, 44 is a shift register and 46 is an exclusive logical 
sum circuit. Consequently, in the pseudo random number 25 
generator shown in FIG. 8, in order lo realize the configu- 
ration shown in FIG. 9, the switch s2 and the switch sb are 
set to ON, and the other switches are set to OFF. 

Primitive polynomials that generate an n-stagc M series 
and their periods are given below. 



30 



[number of 
stages n] 


(primitive polynomial] 


[period] 


2 


+ JC+ 1 


3 


3 


x 3 + x + 1 


7 


4 


x* + x + 1 


15 


5 


x^ + x^l 


31 


6 


X* + X + 1 


63 


7 


x 7 + x 3 + 1 


127 


8 


x* + x 4 + x 3 + x 3 + l 


255 


9 


X* + t* + 1 


511 


10 


X 10 + X 3 + 1 


1023 


11 


x ll + x* + l 


2047 


12 


x 11 + x" + Jt* + X + 1 


4055 



35 



For example, in order to realize a 6-stage pseudo random 
number generator, it is sufficient to feed back the sum of r6 
and rl shown in FIG. 8 to r6, so it is sufficient to set switch 
s5 and switch se to ON. 50 

Several examples of pseudo random number generators 
obtained as combinations of pseudo random number gen- 
erators are shown in FIG. 10. 

In the configuration shown in FIG. 10A, the output of the 
pseudo random number generator shown in FIG. 8 is used as 55 
is as pseudo random numbers. In the configuration shown in 
FIG. 10B, the 2 outputs of the pseudo random number 
generator 41a and the pseudo random number generator 41b 
are input lo the exclusive logical sum circuil 47, and the 
output of that exclusive logical sum circuit 47 is used as the 60 
pseudo random numbers. In this case, suppose for example 
that the initial seeds set in the pseudo random number 
generator 41a and the pseudo random number generator 41b 
are different from one another. In the configuration shown io 
FIG. 10C, the 3 pseudo random number generators 41c, 41d 65 
and 41e and the switch 48 are used; the outputs from the 2 
pseudo random number generators 41c and 41 d are input to 



the switch 48. The output of the pseudo random number 
generator 41e is used to control the switch 48 and select (he 
output of either the pseudo random number generator 41c or 
the pseudo random number generator 41d. Then the output 
of the switch 48 is used as the pseudo random numbers. 

In the trusted agent of this embodiment, there is a soft- 
ware program to realize the action described above, and 
pseudo random numbers are generated by executing that 
program. 

The trusted agents shown in FIG. 5 and FIG. 6 have a 
plurality of cryptographic processing units; it is possible to, 
for example, use the random number generation systems 
shown in FIGS. 10A to 10C as the pseudo random number 
generation sources in the first, second and third crypto- 
graphic processing units, respectively. 

FIG. 11 is a flow chart that shows the action of an 
encryption method selection control unit. Here we explain 
the action of the encryption method selection control unit 25 
in FIG. 5. 

In step SI, an initial seed is created based on the time, 
date, day of the week, etc. shown by the internal clock in the 
workstation 20. This initial seed is set inside the encryption 
method selection control unit 25. In step S2, a pseudo 
random number generator is used to generate pseudo ran- 
dom numbers from the initial seed created in step SI. In step 
S3, the encryption method is selected based on the pseudo 
random numbers generated in Step S2. In step S4, informa- 
tion that identifies the encryption method selected in step S3 
is transferred to the encryption method selection units 24 
and 34. 

In step S5, the timing with which the encryption method 
is switched is determined. This switching timing will be 
explained in more detail below; it is expressed in terms of a 
parameter such as number of packets or time. In step S6, 
whether or not the cryptographic processing sequence has 
reached the time for changing the encryption method is 
monitored. When the cryptographic processing sequence 
reaches the time for switching the encryption method, the 
pseudo random number that was generated immediately 
preceding that time is set as the seed in step S7, and then the 
procedure returns to step S2. After that, steps S2 to S7 are 
repeated. 

By means of the processing described above, the encryp- 
tion method is selected according to the pseudo random 
number; the encryption method is then repeatedly switched 
according to the timing determined by the pseudo random 
numbers. 

The method of selecting the encryption method in step S3 
and the method of determining the switching timing in step 
S5 are, for example, as follows. If 64-bit long type pseudo 
random numbers are used, the range of values obtained by 
sampling the pseudo random numbers is -9.223372035x 
10 lff to +9.223372035x10™. Consequently, in, for example, 
a case in which there are 10 encryption methods, values 
from 1 to 10 are obtained from the pseudo random numbers 
by taking: 

selected number-random/lO'N-l 

Here "random" is a pseudo random number generated by the 
pseudo random number generator. If there are 5 encryption 
methods, then values from 1 to 5 arc obtained from the 
pseudo random numbers by taking: 

selected number-(r»ndom/10 ,B V2+l 

If, for example, the number of packets is used to deter- 
mine the switching timing, then, in a procedure similar to 
that used to select the number of the encryption method, 

number of paclcts-iandom/lO'Vl 
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This gives a value from 1 to 92 based on the pseudo random sequence numbers. It is possible to expand the functions of 

number. the trusted agent 22 so that all of the processing shown in 

Supposing, for example, that "3" has been obtained as the FIG. 12A is executed by the trusted agent 22. 

selected number of the encryption procedure in step S3, and When the workstation 30 receives a packet, whether or 

that "13" has been obtained as the number of packets in step s not a p^et has been lost in transmission is judged from its 

S5 In this case, at the sending side, when 13 packets in ^ b If no loss is dctcctcd ^ tcd data 

t^tu rSi'^T^n inf SHSSE section is extracted and the data are decrypted Then the 

ing unit are stored have been sent, another cryptographic ■' r 

processing unit number is selected. Then if "2" is obtained decrypted data are assembled and transferred to the apph- 

as the selected number in step S3, data encrypted using the catl0n program 31. 

second cryptographic processing unit are output until the 10 In the processing described above, the trusted agent 32 

next switching time. Likewise, at the receiving side, when performs the processing to check the sequence numbers and 

13 packets in which encrypted data are stored have been the decryption processing. It is possible to expand the 

deciphered using the third cryptographic processing unit, functions of the trusted agent 32 so that the trusted agent 32 

another cryptographic processing unit number (here, "2") is executes all of the processing shown in FIG. 13. 

selected. Then, received packets are deciphered using the JS pjQ 14 fc a diagram to explain me method 0 f establishing 

i^time S pr ° CCSSmg Umt UnUl the neXl SWltCh " cryptographic synchronization. In encrypted communication 

m In the case of pseudo random numbers, as opposed to true usin S P seudo random numbers ' when P^kets are encrypted 

random numbers, once the initial seed and the generation usm S P seudo r J ndo1 ? numbers on lhe se L ndin g Slde ( th « 

algorithm are determined, the pseudo random numbers that encryption side), it is necessary to use the same pseudo 

will be obtained from that generation algorithm arc uniquely M random numbers as the pseudo random numbers used on the 

determined. In the configuration shown in FIG. 6, this sending side when those packets arc decrypted on the 

property of pseudo random numbers is used. That is to say, receiving side (the decryption side). The trusted agents 22 

since the trusted agents 22 and 32 have pseudo random and 32 generate the same pseudo random numbers in the 

number generators having the same algorithms, as described same sequence with the same timing, and execute encryp- 

above, if the same values are set as initial seeds, after that the is lion and decryption processing in their respective sequences, 

encryption method will be switched with the same timing in This establishes cryptographic synchronization, 

the trusted agents 22 and 32. If a packet has been lost in transmission, then, as shown 

As the method of setting the initial seed, after the same m FIG. 14A, which packet has been lost is detected on the 

value is set in the trusted agents 22 and 32 in the workstation decryption side, and the decryption processing using the 

20, the trusted agent 32 is transferred to the workstation 30. 30 pseu do random number corresponding to the packet that was 

Or, alternatively, the configuration can be such that a com- lost is sldpped . i n me example shown in FIG. 14A, packet 

mand to generate the initial seed is inserted into the trusted 3 hag becn { QQ ^ decryption side random(3) is not 

agents 22 and 32, and the trusted agents 22 and 32 then ^ bm inslead d Uon ^cessing using random(4) is 

generate their initial seeds independently. In this case, if for crformed with res ect to acket 4 

example the command is one that generates the initial seed ir , p i. u • . u j j • 

in accordance with "today's dale" and "the present time", 35 If the » d « of P a <* cts beeves interchanged during 

then, as long as the clocks in the workstations 20 and 30 arc transmission, then, as shown in FIG 14B, after packet 1 is 

functioning correctly, identical random numbers will be decrypted, if packet 3 is received when packet 2 should be 

generated in the trusted agents 22 and 32, and the same received, the decryption processing using random(2) is 

encryption methods will be selected. slapped. Next, packet 2 is received when packet 3 normally 

Next, let us explain the sequence when data are sent and *o would have been received, so the decryption processing 

received between application programs, referring to FIGS. using random(3) is skipped. After that, if packet 4 is received 

12 and 13. Here, we consider the case in which data are when packet 4 should be received, from this time decryption 

transmitted from the application program 21 in the work- processing using random(4) is carried out normally, 

station 20 to the application program 31 in the workstation Thus, the order of received packets is monitored on the 

30. 45 decryption side; when loss or interchange of order occurs, 

As shown in FIG. 12A, the data from application program synchronization of encryption processing and decryption 

21 are segmented for the purpose of storage in packets. Here, processing is maintained by skipping decryption processing, 

as one example we assume that UDP (User Datagram synchronization processing is carried out also in case 

Protocol) is used as the data transfer protocol. Next, data are mc ^ ret packet is lost. 

encrypted by the specified method, one segment at a time. A 5Q In ^ system shown - m RG s 0f FIG 6> m order l0 make 

sequence number is assigned to each data segment. The u difficuU tQ dcd hcr ^ e ted daUl( lhc encryption 

sequence numbers are used so that cryptographic synchro- method ^ cfa d a( l&[ QJ . ^ {n &n 

nization can be estabhshed be^een the sendmg side and the Uon melhod m which ^ of do random numbers 

receiving side even if a packet should be lost. That is to say, • . • -.i . i .u . jj. jo= i. 

the UDP protocol is appropriate when data requiring real 13 ll ' S P f S t0 make ^ ™ C *T data ( dl ® cult 

time processing such Z audio data and video data are 55 to decipher by changing the seed used to generate those 

transmitted, but since it does not have a resending function, P 8 ^ 0 random numbers at re £ ul f or intavals. 

if a packet is lost in transmission it will become impossible FIG - 15 shows an example of the configuration of an 

to reproduce the data on the receiving side. For this reason, encrypted communication system having the capability to 

a sequence number is assigned to each data segment, so that change the seed used to generate pseudo random numbers, 

the receiving side can detect the loss of packets and repro- 60 In FIG. 15, the workstations 50 and 54 correspond to the 

duce the data correctly. server 10 and the client 15, respectively, in FIG. 1. The 

After that, a header is added and sent to the workstation application programs 51 and 55 correspond to the applica- 

30. An example of a packet configuration is shown in FIG. tion programs 13 and 16, respectively, in FIG. 1. The trusted 

12B. The sequence numbers and the header are not agents 52 and 56 correspond to the trusted agents 14 and 17, 

encrypted. 65 respectively, in FIG. 1. 

In the processing described above, the trusted agent 22 The misled agent 52 has an application interface unit 53, 

does the encryption processing and the processing to assign and, as were explained referring to FIG. 7B, an exclusive 
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logical sum generator 40, a pseudo random number genera- an encrypted communication path. The seed server 59 

tor 41, a seed section 42 and a seed generating section (seed subsequently generates new seeds at regular or irregular 

changing section) 43. The trusted agent 56 has an applica- intervals and transfers them to the seed sections 42 and 42*. 

tion interface unit 57, and an exclusive logical sum generator Other action is the same as that described in FIG. 15. 

40 1 , a pseudo random number generator 41' and a seed s FIG. 17 shows an example of the configuration of another 

section 42'. The exclusive logical sum generator 40, the embodiment of this invention. In the system shown in FIG. 

pseudo random number generator 41 and the seed section 17, the trusted agents 52 and 56 have the seed generating 

42, and the exclusive logical sum generator 40', the pseudo sections 43 and 43', respectively. 

random number generator 41' and the seed section 42', are The seed generating sections 43 and 43' have the same 

respectively the same type of units. 10 functions as one another. In addition, the actions of the seed 

The action of the encrypted communication system shown generating sections 43 and 43' are synchronized with each 

in FIG. 15 is as follows. First, the trusted agent 56 that is other. That is to say, the same initial values are set in the seed 

described in mobile code is transferred from the workstation generating sections 43 and 43', and subsequently they output 

50 to the workstation 54. Next, the seed generating section the same seeds in sequence. The synchronization between 

43 creates 1 seed and transfers that seed to the seed sections 15 the seed generating sections 43 and 43* is basically the same 

42 and 42', respectively. At this time, a encrypted commu- as the synchronization between the encryption method selec- 

nication path between the trusted agents 52 and 56 is tion control units 25 and 39 shown in FIG. 6. 

established. The action of the system shown in FIG. 17 is as follows. 

The seed sections 42 and 42' input the seeds that they have First, the trusted agent 56 that is described in mobile code is 

received to the pseudo random number generators 41 and 20 transferred from the workstation 50 to the workstation 54. 

41', respectively. That is to say, the seeds input to the pseudo Next, the seeds generated by the seed generating sections 43 

random number generators 41 and 41' are the same as one and 43' are transferred to the seed sections 42 and 42', 

another. The pseudo random number generators 41 and 41' respectively, thus securing an encrypted communication 

generate pseudo random numbers in accordance with the path. At this time, the seed generating sections 43 and 43' 

respective received seeds and input them to the exclusive 25 output the same seeds in the same order. Other actions are 

logical sum generators 40 and 40'. The pseudo random as explained with reference to FIG. 15. 

numbers generated in the two units at this time are the same FIG. 18 is a flow chart that explains the action of a seed 

as one another. After that, the seed generating section 43 generating section or seed server. This processing is basi- 

generates new seeds at regular or irregular intervals in cally the same as that in the flow chart in FIG. 11, which 

accordance with the specified algorithm and transfers them 30 selects the encryption method. 

to the seed sections 42 and 42'. Consequently, the same The initial seed is set in step Sll. The method of setting 

pseudo random numbers are generated in the trusted agents the initial seed is as was explained with reference to FIG. 11. 

52 and 56. In step S12, pseudo random numbers are generated using the 

Data from the application program 51 are sent to the pseudo random number generator based on that initial seed, 

exclusive logical sum generator 40 via the application 35 In steps S13 and S14, the generated random numbers are 

interface unit 53. There the data are encrypted using the sent to the seed section as appropriate seeds. In step S15, the 

pseudo random numbers generated by the pseudo random timing at which the seed is changed is determined. This 

number generator 41. The encrypted data are sent to the change timing is shown by, for example, a parameter such as 

workstation 54 via the Internet 58. The data received by the number of packets or time. In step S16, whether or not the 

workstation 54 are decrypted in accordance with the pseudo 40 time has reached the seed changing timing is monitored, 

random numbers generated by the pseudo random number When the timing to change the seed is reached, in step S17 

generator 41' in the exclusive logical sum generator 40'. the immediately preceding generated pseudo random num- 

Then those decrypted data are transferred to the application ber is set as the new seed, and the procedure returns to step 

program 55 via the application interface unit 57. S12. After that, steps S12 to S17 are repeated. The seed is 

In the encryption/decryption processing described above, 45 changed at irregular intervals according to the processing 

the action of generating the pseudo random numbers is described above. 

mutually synchronized in the trusted agents 52 and 56, so In the system shown in FIG. 15, the seed generating 

that data encrypted in the trusted agent 52 are decrypted in section 43 executes the processing described above. In the 

the trusted agent 56. system shown in FIG. 16, the seed server 59 executes the 

FIG. 16 shows an example of configuration of another 50 processing described above. In the system shown in FIG. 17, 
embodiment of this invention. In the system shown in FIG. the seed generating sections 43 and 43' respectively execute 
16, the trusted agent 52 does not have a seed generating the processing described above. In the system shown in FIG. 
section 43; seeds are generated in a seed server 59 connected 17, the exclusive logical sum generator 40, the pseudo 
to the Internet 58. The seed server 59 has functions equiva- random number generator 41 seed section 42, and the seed 
lent to those of the seed generating section 43 in FIG. 15; 55 generating section 43; and the exclusive logical sum gen- 
new seeds are generated at regular or irregular intervals and erator 40', the pseudo random number generator 41' and seed 
transferred to the seed sections 42 and 42*. section 42', and the seed generating section 43' respectively 

The action of this system is as follows. First, the trusted have the same functions as one another, so that by setting the 

agent 56 that is described in mobile code is transferred from same initial seed in the seed generating sections 43 and 43', 

the workstation 50 to the workstation 54. Next, the seed 60 the same pseudo random numbers are subsequently gener- 

section 42 of the workstation 50 requests the seed server 59 ated in the same order. 

for a seed that is needed for encrypted communication. As FIG. 19 is a configuration diagram for the case in which 

this time, the trusted agent 52 notify the seed server 59 of the the encrypted communication system of this embodiment is 

corresponding terminal of the encrypted communication matched to the WWW (World Wide Web), 

(here, the workstation 54). The seed server 59 generates a 65 The server side software consists of the WWW server 60, 

seed in accordance with this request, and transfers the the permanently resident trusted agent 61, and the Applet 62 

generated seed to the seed sections 42 and 42'. This secures into which cryptographic processing units have been incor- 



03/10/2004, EAST Version: 1.4.1 



6,125,186 



15 



16 



porated. The Applet 62 is an agent with cryptographic 
processing. Meanwhile, the client side software is the 
WWW browser 63. The trusted agent 61 corresponds to the 
trusted agent 14 in FIG. 1. The Applet 62 is described in 
mobile code and corresponds to the trusted agent 11 in FIG. 5 
1. 

The action of this system is as follows. First, in the client 
side WWW browser 63, access to the WWW server 60 is 
performed; then the Applet 62 into which the cryptographic 
processing units are incorporated are transferred from the to 
server side to the client side and that Applet 62 is incorpo- 
rated into the WWW browser 63. The procedure by which 
an encrypted communication path is established between the 
trusted agent 61 and the Applet 62 is, for example, as shown 
in FIG. 4. 15 

When the desired data are requested from the WWW 
server 60 by the WWW browser 63, the data sent from the 
WWW server 60 in response to that request are encrypted by 
the trusted agent 61, and sent to the client side. On the client 
side, the cipher text that has been transferred via the 20 
encrypted communication path 64 is received by the Applet 
62. The Applet 62 knows a method to decrypt the data that 
were encrypted by the trusted agent 61. The Applet 62 
decrypts the cipher text received from the WWW server 60, 
and transfers those decrypted data to the browsing software 25 
of WWW browser 63. 

Thus, data transmitted from the WWW server 60 to the 
WWW browser 63 are encrypted by the trusted agent 61 
before being sent, and then are decrypted and reproduced by 
the Applet 62. 30 

FIG. 20 shows an example of the configuration in the case 
in which the encrypted communication of this invention 
corresponds to a video transmission system or an audio 
transmission system. In this example, a trusted agent into 
which the cryptographic processing units are incorporated (a 35 
trusted agent with cryptographic processing) is used in 
combination with applications for video transmission and 
audio transmission. 

The workstation 70 from which the audio data and the 
video data are sent consists of the camera 71, the analogue/ 40 
digital (A/D) converter 72, the frame buffer 73, the micro- 
phone 74, the analogue/digital (A/D) converter 75, the buffer 
76 and the permanently resident type trusted agent 77 that 
has a video data/audio data encryption function. In addition, 
it has the trusted agent 78 in which the decryption function 45 
corresponding to the encryption processing in the trusted 
agent 77 is described in mobile code. 

The workstation 80 that receives the video data/audio data 
consists of the trusted agent 78, into which cryptographic 
processing units are incorporated, sent from the sending side 50 
workstation 70; the frame buffer 82; the digital/analogue 
(D/A) converter 83; the display 84; the audio data reception 
buffer 85; the digital/analogue (D/A) converter 86 and the 
speaker 87. 

The action in this system when video data are sent and 55 
received is as follows. First, a request to send the trusted 
agent 78 is sent from the workstation 80 that wants to 
receive the video data to the sending side workstation 70. 
When the sending side workstation 70 receives this send 
request, it sends the trusted agent 78 that is needed when 60 
image data are decrypted to the receiving side workstation 
80. This completes the preparation for data transfer. 

The sending side workstation 70 converts the image data 
taken in from the camera 71 into a digital signal by means 
of the analogue/digital converter 72 and sends it to the frame 65 
buffer 73. The frame buffer 73 stores the data from the 
analogue/digital converter 72 to absorb the difference 



between the rale at which data are input from the camera 71 
and the encryption processing rate in the trusted agent 77. 

Next, the output data from the frame buffer 73 are 
encrypted by the trusted agent 77 and sent out to the 
network. In the receiving side workstation 80, the encrypted 
image data that were sent are received and decrypted by the 
trusted agent 78. The decrypted image data are reconverted 
to an analogue signal by the digital/analogue converter 83 
via the receiving side frame buffer 82 and displayed on the 
display 84. 

In the system shown in FIG. 20, the action in the case of 
transmission of audio data is almost the same as that 
described above. That is to say, the real time data that are 
transferred are audio data rather than video data, the micro- 
phone 74 replaces the camera 71 as the input section for the 
data to be transferred, and the speaker 87 replaces the 
display 84 as the output section. Otherwise the action is 
basically the same. 

FIG. 21 is a configuration diagram for the case in which 
the encrypted communication of this invention is used in an 
electronic conferencing system. In the electronic conferenc- 
ing system of this embodiment, an agent distributing station 
90 and a plurality of hosts 91 to 94 are mutually intercon- 
nected via a network 95. The agent distributing station 90 
has a user recognition function and distributes agents in 
response to requests from official users. The network 95 is, 
for example, a LAN. The multicast communication path 96 
is a transmission path for sending and receiving data among 
the hosts 91 to 94 during an electronic conference. The 
multicast communication path 96 can be established within 
the network 95, or it can be established on other physical 
lines separate from the network 95. 

A host that participates in an electronic conference 
requests the agent distributing station 90 to send an agent 
that is needed for encrypted communication in order to 
establish an encrypted communication path. That is to say if, 
for example, the hosts 91 to 94 are participating in an 
electronic conference, one among those hosts posts a mem- 
ber that is participating in the electronic conference to the 
agent distributing station 90. The agent distributing station 
90 then sends a trusted agent in which cryptographic pro- 
cessing units are incorporated to the host that made the 
request. The trusted agents 97 that are distributed to the 
respective hosts 91 to 94 secure encrypted communication 
paths among those hosts using the multicast communication 
path 96. Subsequently, data relating to the electronic con- 
ference are sent and received in encrypted form. 

The agent distributing station 90 can be configured so that 
it also serves the function(s) of the encryption method 
instruction server and/or the encryption processing unit 
distribution server described with reference to FIG. 5, or for 
example the seed server 59 shown in FIG. 16. 

Next, let us explain the interface between the trusted agent 
and the application. Here, as shown in FIG. 22A, we 
envision a case in which data are sent and received between 
the information processing unit 10 (the server in FIG. 1) and 
the information processing unit 15 (the client in FIG. 1). In 
this case, among the settings of the application program 13 
in the information processing unit 10, the information pro- 
cessing unit 15 is specified as the communication partner, 
and a port through which the application program 16 
receives data is specified as the communication port. 
Similarly, in the settings of the application program 16 of the 
information processing unit 15, the information processing 
unit 10 is specified as the communication partner, and a port 
through which the application program 13 receives data is 
specified as the communication port. 
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In order to perform encrypted communication, as shown images. It is described in Java (an object-oriented language 

in FIG. 22B, when the trusted agents 14 and 17 are used, in for Internet use developed by Sun Microsystems). This 

the settings of the application program 13 the same unit (the program also has a function to read bitmap-format image 

information processing unit 10) is specified as the comrmi- information (TO to T9.ppm) in from a server 2,043 bytes (b[ 

nication partner, and a port through which the trusted agent 5 ]) at a time and perform applet displays. This program 

14 receives data is specified as the communication port. displays 10 image files one after another and then repeats the 

Similarly, in the settings of the application program 17, the action ^ oul ijn e 0 f t h e display method is as follows. First, 

same unit (the information processing unit 15) is specified as a communication pat h t0 and from the server is established, 

the communication partner, and a port through which the and the necessary image files ^ requested. Nexl , that 

trusted agent 17 receives data is specified as the commum- w comnWation path is used to receive image files, and 

"Tus^by changing the settings of, for example, the ima f es , are Ut 115 7 ?™ detailed 

communication ports, data sent and received between the Ration abou the program referring to the drawings. 

application pro-ams 13 and 16 are transmitted via the A ) F^st, the class path is defined. 

trusted agents 14 and 17. That is to say, the data sent and * ™ e ™ na !> les |° be are determined 

received by the application programs 13 and 16 can be 15 ( c ) ™ 10x1 function is a function that performs initial 

encrypted merely by changing settings such as the comrmi- settin 6 s for the P ur POse of initiating communication with the 

nication ports, without changing the application programs server. The name of the server that is connected, the server 

13 and 16 themselves. port number and necessary file names are specified. In 
The proxy (communication routing port) setting is basi- addition, the pseudo random number generation specifica- 

cally changed the same way as the communication partner 20 tions are determined. 

and communication port described above. That is to say, if (D) The makesocket function is used to send a connection 

there is a function to set the proxy in an application program, request to the server and create a communication path, 

the information processing unit in which that application (E) T° c communication path that was created is used to 

program is installed and a port through which the trusted obtain information concerning the image width and height 

agent installed in that information processing unit receives 25 from the server. This information is needed when images are 

data, are set as the proxy. reproduced on the client side. 

The API (Application Interface) provided by the trusted (F) As makesocket function processing, a connection 

agent is used rather than the API provided by the system. In request is sent to the server and processing to set up a 

this case, normally it is necessary to recompile after the communication path is described. 

source program is changed. For example, if there is no 30 (G) The sendimagefile function is a function that uses the 

trusted agent, the section in which "open( );" appears, while communication path to send the necessary image file names 

if there is a trusted agent, the section should be changed to the server. 

"openTrusted( );" is changed, and then the source program (H) The getimage function is a function that uses the 

is recompiled. communication path to receive image files from the server 

It is also possible for a trusted agent of this embodiment 35 and create images, 

to be realized as a kernel module of the operating system (I) when there are no more data in the image files, 

(OS), and to be incorporated into the OS as necessary. For processing ends. 

example, in FIG. 22B, it is also possible for the trusted agent (J) Image data are decrypted 1 byte at a time. 

14 to be incorporated at kernel level of the OS that is (K) One pixel is created every 4 bytes. One pixel has 4 
installed in the information processing unit 10. 40 components: brightness, red, green and blue. 

As shown in FIG. 3, a trusted agent has an application (L) Images are made up of pixels, 

interface section and a cryptographic processing section. As (M) Encryption is prescribed. 

shown in FIG. 4, the cryptographic processing section (N) When the program starts up, this program is executed 

consists of a sending section and a receiving section. The as a thread. By executing as a thread, it becomes possible to 

sending section has a data encryption function, while the 45 execute a plurality of processings in parallel within one 

receiving section has a cipher text decryption function. In program. 

this embodiment, when a trusted agent that is described in (O) The thread action is prescribed. After a communica- 

mobile code is sent from the server to the client, it is possible lion path is created by the init function, the following 

to send only the application interface section and the sending substantive processing is actually executed, 

section, or only the application interface section and the 50 (P) Processing to display 10 image files is performed; then 

receiving section. this is repeated. 

One application of encryption and sending of data is (Q) The communication path is used to send the necessary 

broadcast communication, such as VOD (Video on image file names to the server. The sendimagefile function is 

Demand). In broadcast communication, the receiving side used for this processing. 

unit does not need to have a function to encrypt data as a ss (R)The communication path is used to receive image files 

code processing function; it only needs to have a function to from the server and create images. The getimage function is 

decrypt the cipher text that is sent. Consequently, in this used. 

case, when a trusted agent is sent to the broadcast commu- (S) The created images are displayed. 

nication receiving unit, only the application interface section As explained above, this invention makes encrypted com- 

and the receiving section are sent. 60 municaiion possible by sending an agent that incorporates 

An example of a program of a trusted agent described in cryptographic processing units to the communication part- 
mobile code is shown in FIG. 23 to FIG. 29. This program ner with which encrypted communication is to be carried 
corresponds to the trusted agent 11 in FIG. 1, and is out, or by receiving an agent that incorporates cryptographic 
transferred to the client. This program includes a function to processing units from that partner. For this reason, it is 
execute the cryptographic processing of image data. 65 possible to avoid publicizing the encryption method; and, by 

This program is for the purpose of reading files in from a using agents, the encryption method can be changed at 

WWW (World Wide Web) server and displaying animated regular or irregular intervals and the parameters needed in 
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encryption can be changed to make it difficult to decipher the 
encrypted data. Consequently, a strong encryption method is 
obtained, having a light overhead that is suitable for real 
time communication. 

This invention is not limited to a cryplosystem but can be 5 
widely applied to encode/decode (modulation/ 
demodulation) systems. In this case, an agent including a 
program for encode/decode (modulation/demodulation) pro- 
cessing described in mobile code is transmitted prior to data 
transmission, 10 

What is claimed is: 

1. An encryption communication method for transmitting 
encrypted data between a first terminal and a second 
terminal, comprising: 

transmitting, from the first terminal in which a first agent 15 
is installed, the first agent including a program for 
cryptographic processing, a second agent having a 
function identical to a function of the first agent, to the 
second terminal; 

performing encrypted communication between the first 
agent and the second agent; and 

independently and synchronously changing a parameter 
needed for the encrypted communication between the 
first and second agents while the encrypted communi- 
cation is being performed. 

2. An encryption communication method for transmitting 
encrypted data between first and second terminals, compris- 
ing: 

transmitting to the second terminal from the first terminal 
in which a first agent is installed, a second agent, the 
first and second agents each having identical functions 
and each including a plurality of cryptographic pro- 
cessing units; 

performing encrypted communication between the first 35 
and second agents; and 

synchronously changing the cryptographic processing 
units to be used between the first and second agents 
while the encrypted communication is being per- 
formed. 4 o 

3. An encryption communication method for transmitting 
encrypted data between a first terminal and a second 
terminal, comprising: 

transmitting to the second terminal from the first terminal 
in which a first agent is installed, a second agent, each 45 
of the first and second agents including a plurality of 
cryptographic processing units; 

performing encrypted communication between the first 
and second agents; 

instructing which cryptographic processing unit is to be 
used from an encryption method selection server to 
each of the first and second agents; and 

synchronously changing at each of the first and second 
agents the cryptographic processing units to be used in 55 
accordance with said instructing by the encryption 
method selection server. 

4. An encryption communication method for transmitting 
encrypted data between a first terminal and a second 
terminal, comprising: 60 

transmitting to the second terminal from the first terminal 
in which a first agent is installed, a second agent, each 
of the first and second agents having an identical 
function for determining the cryptographic processing 
unit to be used; 65 

setting an identical initial value in each of the first and 
second agents; 



50 



determining a cryptographic processing unit to be used 

according to the initial value at each of the first and 

second agents; 
performing encrypted communication between the first 

and second agents; and 
changing the cryptographic processing units according to 

said determining at each of the first and second agents. 

5. The encryption communication method according to 
claim 1, 

wherein the programs for cryptographic processing 
included in the first and second agents use a pseudo 
random number. 

6. The encryption communication method according to 
claim 5, further comprising the steps of: 

creating a seed for the pseudo random number in the first 
terminal; 

setting the seed in the first and second agents; 
generating the pseudo random number in accordance with 

the seed set in each of the first and second agents; and 
executing the cryptographic processing using the pseudo 

random number generated in each of the first and 

second agents. 

7. The encryption communication method according to 
claim 6, further comprising the step of changing the cryp- 
tographic processing at regular or irregular intervals. 

8. The encryption communication method according to 
claim 5, 

wherein a seed server which generates a seed for the 

pseudo random number is provided, and 
wherein said method further comprises the steps of: 
generating a seed for the pseudo random number in the 

seed server; 
setting the seed in the first and second agents; 
generating the pseudo random number in accordance 
with the set seed set in each of the first and second 
agents; and 

executing the cryptographic processing using the 
pseudo random number generated in each of the first 
and second agents. 

9. The encryption communication method according to 
claim 2, 

wherein each of the first and second agents has a function 
for creating a seed for a pseudo random number, the 
functions being the same as one another, and 
wherein said method further comprises the steps of: 
setting an identical initial value in each of the first and 

second agents; 
creating a seed for a pseudo random number according 
to the initial value at each of the first and second 
agents; and 

generating a pseudo random number in accordance 
with the seed and executing cryptographic process- 
ing using the seed in the first and second agents 
respectively. 

10. An encryption communication method for transmit- 
ting encrypted data among a plurality of terminals, com- 
prising: 

distributing agents including a program for cryptographic 
processing from an agent distributing server to the 
plurality of terminals; 

performing encrypted communication between the dis- 
tributed agents; and 

independently and synchronously changing a parameter 
needed for the encrypted communication among dis- 
tributed agents while the encrypted communication is 
being performed. 
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11. An encryption communication method for transmit- 
ting encrypted data among a plurality of terminals, com- 
prising: 

distributing agents from an agent distributing server to the 
plurality of terminals, each agent including a plurality 5 
of cryptographic processing units; 

performing encrypted communication between distrib- 
uted agents; and 

independently and synchronously changing a parameter JQ 
needed for the encrypted communication among the 
distributed agents while the encrypted communication 
is being performed. 

12. An encryption communication method for transmit- 
ting data between a first terminal and a second terminal, 1$ 
comprising: 

transmitting an agent including a program for crypto- 
graphic processing described in mobile code to the 
second terminal via a network; 

performing encrypted communication between the first 20 
terminal in which a program for cryptographic process- 
ing is installed and the second terminal using the agent, 
the program for cryptographic processing in the first 
and second terminals having an identical function to 
generate pseudo random numbers; and 25 

synchronously changing a parameter needed for the 
encrypted communication between the first and second 
terminals according to the pseudo random numbers 
independently generated at each of the first and second 
terminals. 30 

13. At least one storage medium storing at least one 
program that when executed causes at least one computer to 
perform cryptographic processing between first and second 
terminals, comprising: 

transmitting to the second terminal from the first terminal 
in which a first agent is installed, a second agent, the 
first agent including a program for cryptographic pro- 
cessing and the second agent having a function iden- 
tical to a function of the first agent; 

performing encrypted communication between the first 
and second agents; and 

independently and synchronously changing a parameter 
needed for the encrypted communication between the 
first and second agents while the encrypted communi- 45 
cation is being performed. 

14. At least one storage medium storing at least one 
program that when executed causes at least one computer to 
transmit encrypted data among a plurality of terminals, 
comprising: 50 

distributing agents including a program for cryptographic 
processing from an agent distributing server to the 
plurality of terminals; 

performing encrypted communication between distrib- 
uted agents; and 
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independently and synchronously changing a parameter 
needed for the encrypted communication among dis- 
tributed agents while the encrypted communication is 
being performed. 

15. An encryption communication method for transmit- 
ting encrypted data between a first terminal and a second 
terminal, comprising the steps of: 

transmitting from the first terminal in which a first agent 
is installed, a second agent, the first and second agents 
providing a plurality of cryptographic processing units 
and having identical functions, including a function for 
creating a pseudo random number; and 

performing an encryption communication between the 
first and second agents using the cryptographic pro- 
cessing units, the cryptographic processing units used 
by the first and second agents being synchronously 
changed according to the pseudo random numbers 
which are independently generated in each of the first 
and second agents. 

16. An encrypted communication method for transmitting 
encrypted data between a first terminal and a second 
terminal, comprising: 

installing in the first terminal a first agent including a 

program for cryptographic processing; 
transmitting the first agent from the first terminal to the 

second terminal to form a second agent at (he second 

terminal; and 

performing encrypted communication between the first 
and second terminals via the first and second agents 
while independently and synchronously changing at the 
first and second terminals an encryption parameter used 
in the encrypted communication. 

17. An encrypted communication method as recited in 
claim 16, wherein said performing comprises: 

encrypting communication between the first and second 
terminals using an encryption key; and 

synchronously changing the encryption key indepen- 
dently in the first and second agents according to a 
predetermined rule. 

18. An encrypted communication method as recited in 
claim 16, 

wherein said first agent includes a plurality of encryption 
methods 

wherein said performing comprises: 
synchronously and independently in the first and sec- 
ond agents selecting one of the encryption methods; 
and 

encrypting communication between the first and sec- 
ond terminals using the selected encryption method. 
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